Privacy Policy

Last Updated: October 2025

CallGuru Limited ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our AI-powered translation service.

1. Information We Collect

1.1 Account Information

We collect information necessary to create and manage your account, including but not limited to:

Name, email address, phone number
Company name and business details
Billing and payment information
Account preferences and settings

1.2 Call Data

When you use our service, we collect:

Call metadata (duration, time, date, language pairs)
Call transcriptions (enabled by default, configurable in settings)
Translation quality analysis results (enabled by default, configurable in settings)
Audio recordings of calls (optional feature you can enable in settings)

You can configure these features in your account settings at any time.

1.3 Technical Data

IP address and device information
Usage data and analytics.

2. How We Use Your Information

We use your data to:

Provide real-time translation services during calls
Generate call transcriptions for your records
Perform automated quality analysis of translations (to help you assess service quality)
Process payments and manage your account
Send service-related communications
Comply with legal obligations
Detect and prevent fraud

2.1 AI Provider Data Commitments

Our translation service uses third-party AI providers to process voice and text data. Important privacy commitments:

No Training on Your Data: Neither CallGuru nor our AI providers use your data to train AI models or improve their algorithms
30-Day Retention: API inputs and outputs may be retained by our AI provider for up to 30 days for service provision and abuse detection, after which they are deleted
Zero Data Retention: For organizations with sensitive data requirements (e.g., healthcare, legal), we can request Zero Data Retention (ZDR) where data exists only in memory and is not persisted to any logging mechanism
Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
You Own Your Data: You retain all rights to your data, including inputs and outputs from the service

If your organization requires Zero Data Retention, please contact us at contact@callguru.net for more information.

3. Legal Basis for Processing Data (UK GDPR)

Under UK GDPR, we must have a lawful basis for processing your personal data. The table below explains which legal basis we rely on for each type of data processing activity:

Purpose	Legal Basis
Providing the service	Contract performance
Payment processing	Contract performance
Service improvements	Legitimate interest
Marketing (with consent)	Consent
Legal compliance	Legal obligation

4. Data Retention

Call recordings: Stored securely with our telephony provider for up to 90 days (not accessible to users)
Transcripts: Stored for 365 days by default (configurable in settings from 30 to 730 days, or indefinitely)
Account data: Retained while account is active, then 7 years for tax purposes.

5. Data Sharing

We may share your data with:

Service providers: Third-party providers for AI processing, telephony services, and payment processing
Legal authorities: When required by law
Business transfers: In case of merger or acquisition

All service providers are carefully vetted and bound by data processing agreements to protect your information.

We do not sell your personal data to third parties.

6. International Transfers & Data Residency

6.1 Default Storage Locations

CallGuru operates with the following data residency model:

European Union (by default): Account information, call transcripts, and quality assurance analyses are stored in European Union datacenters
United States (by default): AI processing (real-time translation and analysis) routes through United States datacenters where the most advanced AI models are available

6.2 AI Data Residency Options

You can configure AI processing to remain within the European Union by changing your AI Data Residency setting to "European Union" in your account Settings. This ensures all AI translation and analysis processing occurs within EU datacenters.

Important: When using European Union AI data residency, you may experience reduced translation quality due to model availability differences between regions.

6.3 International Transfer Safeguards

When data is processed outside the UK, we ensure appropriate safeguards are in place through:

Standard Contractual Clauses (SCCs)
Adequacy decisions
Data Processing Agreements

7. Your Privacy Controls

7.1 Settings You Can Control

You have direct control over your privacy settings through your account dashboard:

GDPR Compliance Mode: Enabled by default.
Call Transcription: Enabled by default (configurable in Settings)
Translation Quality Analysis: Enabled by default (configurable in Settings)
Data Retention Period: Configure how long call data is retained (30, 60, 90, 180, 365, or 730 days, or keep forever). Default is 365 days. Note: GDPR deletion requests are honored immediately regardless of this setting
Caller Access Control: Configure allowed numbers (whitelist) and blocked numbers (blacklist) for enhanced call security

7.2 Automated Data Deletion

When you configure a data retention period, our system automatically schedules call transcripts and related data for deletion after the specified period. This helps you comply with data minimization principles under GDPR.

8. Your Rights (UK GDPR)

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data ("right to be forgotten") - available through Settings when GDPR mode is enabled
Restriction: Limit how we use your data
Portability: Receive your data in a structured JSON format - available through Settings when GDPR mode is enabled
Object: Opt out of certain processing activities
Withdraw consent: For processing based on consent

8.1 How to Exercise Your Rights

To exercise these rights:

Data Export: Request a complete export of all your organization's data in JSON format by contacting us at contact@callguru.net
Right to be Forgotten: Request immediate deletion of all call data associated with specific phone numbers through your Profile tab or by contacting us
Contact Us: For any privacy-related requests, email contact@callguru.net

8.2 Caller Consent

You must obtain appropriate consent from callers before processing their personal data through our service, where required by applicable data protection laws.

Consent applies to:

Call recording
Transcription
AI-powered translation and processing

Your Responsibility:

Inform callers about the translation service and obtain consent appropriate to the situation. The level of detail should be proportionate to the context:

Emergencies: Implied consent may apply
Caller-requested translation: Reasonable to assume understanding of transcription and AI processing
Language barriers: Obtaining consent after connecting may be acceptable when prior explanation is impractical
Routine situations: More detailed explanation recommended

In many cases, asking "Would you like me to connect to a third-party AI translation service?" provides sufficient notice. Your approach must be reasonable, context-appropriate, and compliant with applicable data protection requirements.

9. Security

We implement appropriate technical and organizational measures to protect your data:

End-to-end encryption for platform data
Secure Telephony: All phone calls use Transport Layer Security (TLS v1.2+) for SIP signaling encryption and Secure Real-time Transport Protocol (SRTP) with AES_CM_128_HMAC_SHA1_80 cipher suite for call media/audio encryption
Encryption Standards: Platform data encrypted at rest using AES-256 and in transit using TLS 1.2+
Secure data centers with ISO 27001 certification
Regular security audits and penetration testing
Access controls and authentication
Employee training on data protection

Note: When TLS encryption is enabled for telephony, SIP signaling packets are not visible in call diagnostic captures, ensuring additional privacy for call setup information.

10. Cookies

We may use cookies and similar technologies for:

Essential functionality (authentication, security)
Analytics (with your consent)
Service improvement

You can manage cookie preferences in your browser settings.

11. Children's Privacy

Our service is intended for use by businesses and organizations, not directly by children under 16. We do not knowingly collect personal data directly from children.

However, we recognize that our translation service may be used in scenarios where children are third parties to calls (for example, when our AI interpreter is conferenced into a call involving a child patient, student, or family member). In such cases:

The data controller (the organization using our service) is responsible for obtaining appropriate consent from parents or guardians
Organizations using our service must comply with applicable child protection laws
We process such data only as a data processor acting on the organization's instructions

If you believe a child's data has been inappropriately collected, please contact us immediately at contact@callguru.net.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of material changes via email.

13. Data Protection Registration

CallGuru Limited is registered with the Information Commissioner's Office (ICO) as a data controller:

Registration Reference: ZC000328
Date Registered: 26 September 2025
Registration Expires: 25 September 2026
Payment Tier: Tier 1
Data Controller: CALLGURU LIMITED

14. Contact & Complaints

Data Controller: CallGuru Limited
Email: contact@callguru.net
Address: CallGuru Limited, 14/2E Docklands Business Centre, 10-16 Tiller Road, London, E14 8TX

If you're unhappy with how we handle your data, you can complain to:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

← Back to Registration